For more than two years, Congress has struggled to pass cybersecurity legislation that would permit broad liability exemptions for industries that share information about cyber attacks. Venable partner and retired Navy Rear Admiral Jamie Barnett, who moderated the panel, commented on the issue, saying “no legislation seems likely in the short term,” but added that the executive order “is pushing the envelope on information sharing...Ultimately, legislation will be needed.”
For now, Venable attorneys said industries can use the SAFETY Act – a post-9/11 law designed to boost development of counterterrorism technologies – to earn recognition from the Department of Homeland Security (DHS) for liability exemptions tied to products and services used in counterterrorism activities, including cybersecurity. Partner Diz Locaria, who spoke at the event, showed companies how to procure DHS “designation” and “certification” under the SAFETY Act for liability limitations. The Act “could be one of the tools in your toolbox to limit liability as it relates to cybersecurity,” Locaria told industry officials.
He added that the Obama administration’s upcoming framework for voluntary cybersecurity standards, established by the president’s executive order issued in February, will offer a “baseline” allowing companies to “demonstrate the effectiveness” of cybersecurity measures to DHS and gain protections under the SAFETY Act.
Associate Jason Wool also spoke at the event, and highlighted a DHS proposed list of incentives which included collaboration with the insurance industry, rate recovery for regulated industries like electric utilities, and technical assistance. Wool noted that liability limitations also made the list, but the issue is still “being studied.”
Inside Cybersecurity featured news of this event in an article on September 27, 2013.